Traditional methodologies for making payments utilize paper instruments, such as cash or checks, and electronic transactions, such as credit or debit cards. Paper instruments advantageously allow a full payment to be completed immediately at the point of sale without the need for any further exchange after the good or service has been delivered. When the transferred funds are large, however, paper instruments may not be practical. In addition, the fear of theft or loss discourages possession of paper instruments. Electronic transactions developed successfully due to the advent of secure data systems and networks that permit payments to be made to vendors at the point of sale without physical transfer of paper currency. Electronic transactions thus greatly increase consumer convenience, especially when the transacted commerce is large. Electronic commerce, however, generally requires fixed, immobile infrastructure (such as automated teller machines (ATMs), shared banking networks, or point-of-sale (POS) terminals) that may sometimes be inaccessible. In addition, although completion of a transaction typically requires the physical presence of the consumer—who may be asked to authenticate himself, present a physical token and/or provide a signature to a merchant or bank—fraudulent use of the physical tokens (e.g., credit and debit card numbers) still occurs frequently.
Widespread usage of computationally advanced mobile telecommunication devices can potentially extend the reach of electronic transactions. Because a mobile payment (or “m-payment”) may directly initiate, authorize, and confirm an exchange of financial value in return for goods and services, the need for consumers to carry paper instruments or physical tokens and/or access immobile infrastructure is minimized. Existing m-payment approaches typically create a transaction flow in which a consumer presents payment data to a merchant who then presents it to a payment processor; the customer data (e.g., a credit-card or debit-card number) required to transact the payment is stored directly on a physical medium (e.g., credit cards) or digitally on network-accessible servers (e.g., Google Wallet or a secured near-field communication (NFC) mobile wallet). At each stage of this traditional m-payment, however, the collectively stored consumer data is accessible and vulnerable to compromise.
Securing customers' privacy during payment transactions is of paramount importance; even a few instances of customers suffering a financial loss may destroy the marketplace viability of an m-payment scheme. Because conventional m-payment workflows store the identity and financial account information of the user within a single organization or server cluster, the central store of sensitive data provides a tempting target to malicious “hackers,” who circumvent security measures and steal payment credentials. Such violations have been fairly common in Internet-based commerce; many consumers have experienced identity theft when information is stolen from an entity that maintains financial accounts. As a result, adoption of mobile devices that facilitate m-payments has been limited by security concerns; these security concerns have discouraged users from signing up for m-payment procedures that require registration or the provision of personal information to the system infrastructure.
Consequently, there is a need for an approach that is conveniently implemented and used, but which can securely transact payments for goods or services using a mobile device.